当前位置:  首页>> 技术小册>> Kubernets合辑2-部署Ingress

ConfigMap Key Description Default
redirect-to-https Sets the 301 redirect rule based on the value of the http_x_forwarded_proto header on the server block to force incoming traffic to be over HTTPS. Useful when terminating SSL in a load balancer in front of the Ingress Controller — see 115 False
ssl-redirect Sets an unconditional 301 redirect rule for all incoming HTTP traffic to force incoming traffic over HTTPS. True
hsts Enables HTTP Strict Transport Security (HSTS) : the HSTS header is added to the responses from backends. The preload directive is included in the header. False
hsts-max-age Sets the value of the max-age directive of the HSTS header. 2592000 (1 month)
hsts-include-subdomains Adds the includeSubDomains directive to the HSTS header. False
hsts-behind-proxy Enables HSTS based on the value of the http_x_forwarded_proto request header. Should only be used when TLS termination is configured in a load balancer (proxy) in front of the Ingress Controller. Note: to control redirection from HTTP to HTTPS configure the nginx.org/redirect-to-https annotation. False
ssl-protocols Sets the value of the ssl_protocols directive. TLSv1 TLSv1.1 TLSv1.2
ssl-prefer-server-ciphers Enables or disables the ssl_prefer_server_ciphers directive. False
ssl-ciphers Sets the value of the ssl_ciphers directive. HIGH:!aNULL:!MD5
ssl-dhparam-file Sets the content of the dhparam file. The controller will create the file and set the value of the ssl_dhparam directive with the path of the file. N/A

该分类下的相关小册推荐: